allura-dev mailing list archives

Some nuances to consider:
Bitbucket requires 2FA resubmission to view/update settings, not just password reconfirmation.
Reconfiguration vs (re)adding a phone with the same key as before.
* GitHub says "You’re about to change your two-factor authentication device. This will invalidate
your current two-factor devices. This will not affect your recovery codes or fallback SMS
configuration. Those can be updated on the two-factor settings page."
* Bitbucket only lets you disable, then re-enable
* Dreamhost has separate options to view your key, vs regenerate. I like this.
Many sites will show you the text form of the key, so you can enter it manually. Not sure
if this is really needed for anyone? Phones/apps without camera support?
---
** [tickets:#8117] Implement core 2FA**
**Status:** in-progress
**Milestone:** unreleased
**Labels:** security
**Created:** Mon Aug 15, 2016 03:54 PM UTC by Dave Brondsema
**Last Updated:** Mon Aug 15, 2016 03:54 PM UTC
**Owner:** Dave Brondsema
This ticket is for the essential functionality for TOTP 2FA, separate tickets for other aspects
Some details at http://mail-archives.apache.org/mod_mbox/allura-dev/201608.mbox/%3C28c7a399-86c5-5d75-dde4-2ab54fe7b3e4%40brondsema.net%3E
---
Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/
To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options.
Or, if this is a mailing list, you can unsubscribe from the mailing list.